repsheet_visualizer 0.2.0 → 0.2.1
- checksums.yaml +4 -4
 - data/.travis.yml +4 -0
 - data/Gemfile.lock +1 -1
 - data/README.md +6 -4
 - data/lib/repsheet_visualizer/application/app.rb +3 -2
 - data/lib/repsheet_visualizer/application/backend.rb +8 -12
 - data/lib/repsheet_visualizer/application/public/javascripts/application.js +3 -3
 - data/lib/repsheet_visualizer/application/views/activity.erb +1 -1
 - data/lib/repsheet_visualizer/application/views/actors.erb +1 -1
 - data/lib/repsheet_visualizer/application/views/breakdown.erb +10 -10
 - data/lib/repsheet_visualizer/application/views/worldview.erb +1 -1
 - data/lib/repsheet_visualizer/version.rb +1 -1
 - data/script/fill +2 -1
 - metadata +3 -2
 
    
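--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz:
-  data.tar.gz:
+  metadata.gz: f98f7e61dc56515d36646dd74b76486a069ad677
+  data.tar.gz: 6fdb7a815f6ae92361d9a5628eb20445619787ad
 SHA512:
-  metadata.gz:
-  data.tar.gz:
+  metadata.gz: 030d9e94c181dc2c948eed48415322379537ba7a44e708732b9e3955fcba4f0ac66dafd416e17d7d6281f1fef314d0674d537ba8d62a992f65c6073b77d42fcc
+  data.tar.gz: 9516b4fb6cb68e5ada5df76f0d7420c35f675cc1036e304f08065ffc098aed7df9e7e86641e3c04b641f2cc48c0ac96186ea0e186f7d9050dc6d1de5101a75b8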
    
        data/.travis.yml
    ADDED
    
    
    
        data/Gemfile.lock
    CHANGED
    
    
    
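--- a/data/README.md
+++ b/data/README.md
@@ -1,12 +1,14 @@
-#
+#Repsheet Visualizer [](http://travis-ci.org/repsheet/visualizer?branch=master)
+
+This is the visualization component for Repsheet. It displays information on offending actors and allows for manual blacklisting. It provides a world map that displays the location of offending actors which allows for identification of global attack patterns. It is still under active development and will undergo some pretty major changes over the next several months.
 
 ## Setup
 
-You will need to have Ruby/RubyGems installed. This app has been tested on Ruby 1.9.3.
+You will need to have Ruby/RubyGems installed. If you would like to use the world map feature, you will need a copy of the [GeoLiteCity Database](http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz). This app has been tested on Ruby 1.9.3 Ruby 2.0.0. You will also need access to the Repsheet Redis database. There are several ways of running the Visualizer application, but the simplest is to just run the command line program:
 
 ``` sh
 bundle install
-
+bin/repsheet_visualizer <redis_host> <redis_port> <path_to_geolite_database>
 ```
 
-Visit [http://localhost:4567](http://localhost:
+Visit [http://localhost:4567](http://localhost:4567) to view the application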
| 
         @@ -51,7 +51,7 @@ class RepsheetVisualizer < Sinatra::Base 
     | 
|
| 
       51 
51 
     | 
    
         
             
              end
         
     | 
| 
       52 
52 
     | 
    
         | 
| 
       53 
53 
     | 
    
         
             
              get '/breakdown' do
         
     | 
| 
       54 
     | 
    
         
            -
                @data 
     | 
| 
      
 54 
     | 
    
         
            +
                @data = Backend.breakdown(redis_connection)
         
     | 
| 
       55 
55 
     | 
    
         
             
                erb :breakdown
         
     | 
| 
       56 
56 
     | 
    
         
             
              end
         
     | 
| 
       57 
57 
     | 
    
         | 
| 
         @@ -72,8 +72,9 @@ class RepsheetVisualizer < Sinatra::Base 
     | 
|
| 
       72 
72 
     | 
    
         
             
                if params["action"] == "allow"
         
     | 
| 
       73 
73 
     | 
    
         
             
                  connection.del("#{params[:ip]}:repsheet:blacklist")
         
     | 
| 
       74 
74 
     | 
    
         
             
                else
         
     | 
| 
      
 75 
     | 
    
         
            +
                  ttl = connection.ttl("#{params[:ip]}:requests")
         
     | 
| 
       75 
76 
     | 
    
         
             
                  connection.set("#{params[:ip]}:repsheet:blacklist", "true")
         
     | 
| 
       76 
     | 
    
         
            -
                  connection.expire("#{params[:ip]}:repsheet:blacklist",  
     | 
| 
      
 77 
     | 
    
         
            +
                  connection.expire("#{params[:ip]}:repsheet:blacklist", ttl)
         
     | 
| 
       77 
78 
     | 
    
         
             
                end
         
     | 
| 
       78 
79 
     | 
    
         
             
                redirect back
         
     | 
| 
       79 
80 
     | 
    
         
             
              end
         
     | 
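Review bot: In the `@@ -72,8 +72,9 @@` hunk the value returned by `connection.ttl("#{params[:ip]}:requests")` is handed to `connection.expire` unchecked, but Redis TTL returns a negative number when the key has no expiry or does not exist, and EXPIRE with a non-positive timeout deletes the key, so the blacklist entry written one line earlier can vanish immediately. Only apply it when positive, e.g. `connection.expire("#{params[:ip]}:repsheet:blacklist", ttl) if ttl > 0`, and decide explicitly whether an entry with no source TTL should persist or get a default lifetime. `params[:ip]` also reaches every key name in this branch unvalidated; parsing it with `IPAddr.new` first would keep arbitrary strings out of the keyspace. The route's opening line is above the hunk, so its HTTP verb and any access control are not visible here.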
| 
         @@ -10,18 +10,14 @@ class Backend 
     | 
|
| 
       10 
10 
     | 
    
         
             
              end
         
     | 
| 
       11 
11 
     | 
    
         | 
| 
       12 
12 
     | 
    
         
             
              def self.breakdown(connection)
         
     | 
| 
       13 
     | 
    
         
            -
                 
     | 
| 
       14 
     | 
    
         
            -
                 
     | 
| 
       15 
     | 
    
         
            -
                 
     | 
| 
       16 
     | 
    
         
            -
             
     | 
| 
       17 
     | 
    
         
            -
             
     | 
| 
       18 
     | 
    
         
            -
             
     | 
| 
       19 
     | 
    
         
            -
                 
     | 
| 
       20 
     | 
    
         
            -
                 
     | 
| 
       21 
     | 
    
         
            -
                # aggregate = Hash.new 0
         
     | 
| 
       22 
     | 
    
         
            -
                # data.each {|ip,data| data["totals"].each {|rule,count| aggregate[rule] += count.to_i}}
         
     | 
| 
       23 
     | 
    
         
            -
                # [data, aggregate]
         
     | 
| 
       24 
     | 
    
         
            -
                [{},{}]
         
     | 
| 
      
 13 
     | 
    
         
            +
                data = Hash.new(0)
         
     | 
| 
      
 14 
     | 
    
         
            +
                offenders = connection.keys("*:repsheet").map {|o| o.split(":").first}
         
     | 
| 
      
 15 
     | 
    
         
            +
                offenders.each do |offender|
         
     | 
| 
      
 16 
     | 
    
         
            +
                  connection.zrange("#{offender}:detected", 0, -1).each do |rule|
         
     | 
| 
      
 17 
     | 
    
         
            +
                    data[rule] += connection.zscore("#{offender}:detected", rule).to_i
         
     | 
| 
      
 18 
     | 
    
         
            +
                  end
         
     | 
| 
      
 19 
     | 
    
         
            +
                end
         
     | 
| 
      
 20 
     | 
    
         
            +
                data.take(10)
         
     | 
| 
       25 
21 
     | 
    
         
             
              end
         
     | 
| 
       26 
22 
     | 
    
         | 
| 
       27 
23 
     | 
    
         
             
              def self.activity(connection, actor)
         
     | 
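Review bot: `data.take(10)` at the end of `Backend.breakdown` returns the first ten rules in hash insertion order rather than the ten largest counts, so a chart labelled "Top 10" can hide the rules that fire most; sort by count before truncating. `connection.keys("*:repsheet")` walks the whole keyspace in one blocking command, which matters if this Redis instance is also consulted on the request path (not visible here); iterating with SCAN avoids that where the server and redis-rb version support it. `o.split(":").first` would also cut an IPv6 actor at its first colon, and the per-rule `zscore` call can be folded into `zrange` with scores. A sketch of the method with those changes follows.

```ruby
def self.breakdown(connection)
  totals = Hash.new(0)
  # SCAN-based iteration instead of KEYS, so the server is not blocked for the whole walk
  connection.scan_each(match: "*:repsheet") do |key|
    offender = key.chomp(":repsheet")
    connection.zrange("#{offender}:detected", 0, -1, with_scores: true).each do |rule, score|
      totals[rule] += score.to_i
    end
  end
  # highest counts first, then truncate
  totals.sort_by { |_rule, count| -count }.first(10)
end
```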
| 
         @@ -9,9 +9,9 @@ function angle(d) { 
     | 
|
| 
       9 
9 
     | 
    
         
             
            }
         
     | 
| 
       10 
10 
     | 
    
         | 
| 
       11 
11 
     | 
    
         
             
            function pie(dataSet) {
         
     | 
| 
       12 
     | 
    
         
            -
              var canvasWidth =  
     | 
| 
       13 
     | 
    
         
            -
              canvasHeight =  
     | 
| 
       14 
     | 
    
         
            -
              outerRadius =  
     | 
| 
      
 12 
     | 
    
         
            +
              var canvasWidth = 700,
         
     | 
| 
      
 13 
     | 
    
         
            +
              canvasHeight = 700,
         
     | 
| 
      
 14 
     | 
    
         
            +
              outerRadius = 250,
         
     | 
| 
       15 
15 
     | 
    
         
             
              color = d3.scale.category20();
         
     | 
| 
       16 
16 
     | 
    
         | 
| 
       17 
17 
     | 
    
         
             
              var vis = d3.select("#total").append("svg:svg")
         
     | 
| 
         @@ -35,7 +35,7 @@ 
     | 
|
| 
       35 
35 
     | 
    
         
             
                      <div class="nav-collapse collapse">
         
     | 
| 
       36 
36 
     | 
    
         
             
                        <ul class="nav">
         
     | 
| 
       37 
37 
     | 
    
         
             
                          <li><a href="<%= @mount %>">Actors</a></li>
         
     | 
| 
       38 
     | 
    
         
            -
                           
     | 
| 
      
 38 
     | 
    
         
            +
                          <li><a href="<%= @mount %>breakdown">Breakdown</a></li>
         
     | 
| 
       39 
39 
     | 
    
         
             
                          <li><a href="<%= @mount %>worldview">Worldview</a></li>
         
     | 
| 
       40 
40 
     | 
    
         
             
                        </ul>
         
     | 
| 
       41 
41 
     | 
    
         
             
                      </div>
         
     | 
| 
         @@ -90,7 +90,7 @@ 
     | 
|
| 
       90 
90 
     | 
    
         
             
            	  <div class="nav-collapse collapse">
         
     | 
| 
       91 
91 
     | 
    
         
             
            	    <ul class="nav">
         
     | 
| 
       92 
92 
     | 
    
         
             
            	      <li class="active"><a href="<%= @mount %>">Actors</a></li>
         
     | 
| 
       93 
     | 
    
         
            -
            	       
     | 
| 
      
 93 
     | 
    
         
            +
            	      <li><a href="<%= @mount %>breakdown">Breakdown</a></li>
         
     | 
| 
       94 
94 
     | 
    
         
             
            	      <li><a href="<%= @mount %>worldview">Worldview</a></li>
         
     | 
| 
       95 
95 
     | 
    
         
             
            	    </ul>
         
     | 
| 
       96 
96 
     | 
    
         
             
            	  </div>
         
     | 
| 
         @@ -27,9 +27,14 @@ 
     | 
|
| 
       27 
27 
     | 
    
         
             
                    font-size: 20px;
         
     | 
| 
       28 
28 
     | 
    
         
             
                    font-weight: bold;
         
     | 
| 
       29 
29 
     | 
    
         
             
                  }
         
     | 
| 
      
 30 
     | 
    
         
            +
             
     | 
| 
      
 31 
     | 
    
         
            +
                 svg {
         
     | 
| 
      
 32 
     | 
    
         
            +
                   display: block;
         
     | 
| 
      
 33 
     | 
    
         
            +
                   margin: auto;
         
     | 
| 
      
 34 
     | 
    
         
            +
                 }
         
     | 
| 
       30 
35 
     | 
    
         
             
                </style>
         
     | 
| 
       31 
36 
     | 
    
         
             
                <link href="<%= @mount %>css/bootstrap-responsive.css" rel="stylesheet">
         
     | 
| 
       32 
     | 
    
         
            -
             
     | 
| 
      
 37 
     | 
    
         
            +
             
     | 
| 
       33 
38 
     | 
    
         
             
                <!-- HTML5 shim, for IE6-8 support of HTML5 elements -->
         
     | 
| 
       34 
39 
     | 
    
         
             
                <!--[if lt IE 9]>
         
     | 
| 
       35 
40 
     | 
    
         
             
                  <script src="<%= @mount %>javascripts/html5shiv.js"></script>
         
     | 
| 
         @@ -59,15 +64,10 @@ 
     | 
|
| 
       59 
64 
     | 
    
         | 
| 
       60 
65 
     | 
    
         
             
                <div class="container">
         
     | 
| 
       61 
66 
     | 
    
         
             
                  <div id="total">
         
     | 
| 
       62 
     | 
    
         
            -
                    <p class="announce">Mod Security  
     | 
| 
       63 
     | 
    
         
            -
            	< 
     | 
| 
       64 
     | 
    
         
            -
             
     | 
| 
       65 
     | 
    
         
            -
             
     | 
| 
       66 
     | 
    
         
            -
                  <div id="individual">
         
     | 
| 
       67 
     | 
    
         
            -
                    <p class="announce">Breakdown by IP</p>
         
     | 
| 
       68 
     | 
    
         
            -
            	<% @data.each do |ip, data| %>
         
     | 
| 
       69 
     | 
    
         
            -
            	  <script>donut(<%= data["totals"].keys.to_json %>, <%= {:label => ip, :pct => data["totals"].values}.to_json %>);</script>
         
     | 
| 
       70 
     | 
    
         
            -
                    <% end %>
         
     | 
| 
      
 67 
     | 
    
         
            +
                    <p class="announce">Top 10 Mod Security Rules Triggered</p>
         
     | 
| 
      
 68 
     | 
    
         
            +
            	<div id="chart" class="offset3 span6">
         
     | 
| 
      
 69 
     | 
    
         
            +
            	  <script>pie(<%= @data.collect {|k,v| {"legendLabel" => k, "magnitude" => v}}.to_json %>);</script>
         
     | 
| 
      
 70 
     | 
    
         
            +
            	</div>
         
     | 
| 
       71 
71 
     | 
    
         
             
                  </div>
         
     | 
| 
       72 
72 
     | 
    
         
             
                </div>
         
     | 
| 
       73 
73 
     | 
    
         
             
              </body>
         
     | 
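Review bot: The new `pie(...)` call in the `@@ -59,15 +64,10 @@` hunk writes `to_json` output straight into an inline `<script>` element, and Ruby's JSON encoder leaves `<` and `/` as they are, so a rule label containing `</script>` would end the script block and be parsed as HTML. Per the `Backend.breakdown` change on this page the labels are Redis sorted-set members, which should be treated as untrusted at this boundary even if they are normally numeric rule ids. Escape for the script context, e.g. `<%= @data.collect {|k,v| {"legendLabel" => k, "magnitude" => v}}.to_json.gsub("<", "\\u003c") %>`, or put the JSON in an HTML-escaped `data-` attribute and read it from `application.js`.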
| 
         @@ -38,7 +38,7 @@ 
     | 
|
| 
       38 
38 
     | 
    
         
             
            	  <div class="nav-collapse collapse">
         
     | 
| 
       39 
39 
     | 
    
         
             
            	    <ul class="nav">
         
     | 
| 
       40 
40 
     | 
    
         
             
            	      <li><a href="<%= @mount %>">Actors</a></li>
         
     | 
| 
       41 
     | 
    
         
            -
            	       
     | 
| 
      
 41 
     | 
    
         
            +
            	      <li><a href="<%= @mount %>breakdown">Breakdown</a></li>
         
     | 
| 
       42 
42 
     | 
    
         
             
            	      <li class="active"><a href="<%= @mount %>worldview">Worldview</a></li>
         
     | 
| 
       43 
43 
     | 
    
         
             
            	    </ul>
         
     | 
| 
       44 
44 
     | 
    
         
             
            	  </div>
         
     | 
    
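--- a/data/script/fill
+++ b/data/script/fill
@@ -6,8 +6,9 @@ r = Redis.new
 r.flushdb
 
 255.times do |i|
-  r.zincrby("1.1.1.#{i}:detected", rand(
+  r.zincrby("1.1.1.#{i}:detected", rand(100), "950001")
   r.lpush("1.1.1.#{i}:requests", "123, Chrome, GET, foo, bar")
+  r.set("1.1.1.#{i}:repsheet", true)
 
   if i > 220
     r.set("1.1.1.#{i}:repsheet:blacklist", "true")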
    
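--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: repsheet_visualizer
 version: !ruby/object:Gem::Version
-  version: 0.2.
+  version: 0.2.1
 platform: ruby
 authors:
 - Aaron Bedra
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2013-
+date: 2013-11-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: geoip
@@ -133,6 +133,7 @@ files:
 - .gitignore
 - .rspec
 - .rvmrc
+- .travis.yml
 - Gemfile
 - Gemfile.lock
 - LICENSE.txt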